The article discusses tensions regarding the protection of Swedish public library users’ privacy when making use of the internet. 15 interviews with library managers and IT-librarians representing 13 libraries from 13 of Sweden’s 21 counties, have been analysed thematically based on activity theory. Three levels of contradictions – primary, secondary, and quaternary –were identified, comprising tensions relating to: absence of consultation of professional codes of ethics; lack of knowledge about when and how to protect users’ privacy; uncertainties regarding interpretation and implementation of vital national and international privacy regulations; and challenges balancing confidentiality ideals with the requirements of municipal IT policies. In conclusion, it is argued that libraries should be viewed as not only policy ‘takers’ but also policy ‘makers’ – emphasising the needs and possibilities of libraries to assert power over everyday interpretations and decisions concerning the protection of user privacy. The study fills a gap as one of few studies discussing the libraries’ strategies to protect their users’ privacy concerning internet use and complements existing research regarding geographical scope.